What kind of program is a VPN? Virtual private networks (VPN)

The number of concepts and abbreviations that few people understand, arising from new technologies and the modification of old ones, is growing exponentially. VPN is one of them. This publication sets out to explain the abbreviation and the reason it is mentioned so often in relation to network connections.

VPN, what is it?

In principle, this is a regular network (“N” in the acronym stands for “Network”). But it has its own subtleties. Firstly, it is virtual, and secondly, it is private. That is, “Virtual” and “Private” (the first two letters of the abbreviation).

It is called virtual because it exists at a certain level of abstraction from the hardware. This means that it does not care through what channels the communication is carried out, what devices are connected and other conditions. VPN uses all available resources for its operation.

But the main feature of a VPN is that it is private. Although it uses common communication channels and protocols, most often the Internet, a random outsider cannot enter it; only a trusted participant who has the right to do so can.

Operating principle

To understand how a VPN works, you need to consider the simplest case of communication between two points (computers). In the unprotected part of the path (most often the Internet), a tunnel is created connecting them. The difficulty is not in organizing such a connection, but in protecting the data that is vulnerable on an unprotected section of the network. Information passing through a public channel can be stolen or distorted by attackers.

To prevent this, various types of encryption are used. Therefore, the main task of a VPN connection is to ensure uniformity of encryption and decryption across its nodes, as well as interfacing network protocols when it comes to different server systems.

Why do you need a VPN?

The main reason for creating a VPN was the desire, even the urgent need, to create secure networks that could be accessed regardless of geographic location: remote access of employees to the head office network from a business trip, for example. Moreover, multinational corporations have no way to run wires between their offices in different countries or continents, and VPN technology comes to the rescue in this case too. A simpler example would be organizing a VPN based on an enterprise’s local network to limit the powers of various groups, departments, workshops, and the like.

How to create a VPN network

There are a number of applications for creating a VPN network, TeamViewer or Hamachi, for example. Although this can be done using standard Windows tools, it is less efficient, secure and convenient. To do this, you need to enter the “Network Connections” of your computer through the “Control Panel”.

In the “File” menu, select “New Connection”, where you indicate that the connection being created is a VPN. Next, you need to add or specify a user who will be allowed access. Then indicate that communication will be carried out via the Internet and select TCP/IP as the connection protocol. In the last dialog box, you must click “Allow access” and the Windows VPN server is ready to work.

VPN stands for Virtual Private Network. It is one of those technologies whose origin nobody quite knows. However, when such technologies take root in a company's infrastructure, everyone wonders how they ever managed without them. Virtual private networks allow you to use the Internet as your own private network. Thus, the proliferation of VPNs is related to the development of the Internet. The technology itself uses the TCP/IP protocol stack as the basis for its work.

In order to understand what a VPN is, you need to understand two concepts: encryption and virtuality.

Encryption is the reversible transformation of a message to hide it from unauthorized persons.

Virtuality is an object or state that does not really exist, but can arise under certain conditions.

Encryption converts a message from one form, such as "Hello!", into another form, such as "*&878hJf7*&8723". There is also an inverse transformation, called decryption, which converts the message "*&878hJf7*&8723" back into "Hello!". The security approach in VPNs assumes that no one other than the intended recipient will be able to perform decryption.

The concept of “virtuality” refers to the “as if” situation. For example, a situation where you access a remote computer using a tablet. In this case, the tablet simulates the operation of a remote computer.

The term VPN has a precise definition:

A VPN is an encrypted or encapsulated communication process that securely transfers data from one point to another; the security of this data is ensured by strong encryption technology, and the transmitted data passes through an open, unsecured, routed network.

Since the VPN is encrypted, when communicating between nodes, data is transmitted securely and its integrity is guaranteed. Data flows through an open, unsecured, routed network, so when transmitted over a shared link, it can take many paths to its final destination. Thus, VPN can be thought of as the process of sending encrypted data from one point to another over the Internet.

Encapsulation is the process of placing a data packet inside an IP packet. It adds an additional layer of protection, and it allows you to create VPN tunnels and transfer data over a network with other protocols. The most common way to create VPN tunnels is to encapsulate network protocols (IP, IPX, AppleTalk, etc.) in PPP and then encapsulate the resulting packets in a tunneling protocol. The latter is most often IP, although in rare cases the ATM and Frame Relay protocols can also be used. This approach is called second-layer tunneling, since the passenger here is the second-layer protocol (PPP).

An alternative approach is to encapsulate network protocol packets directly into a tunneling protocol (such as VTP), called Layer 3 tunneling.
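The Layer 3 case described above, as an added example that is not part of the original article: a passenger IP packet is encrypted, authenticated and carried as the payload of an outer IP packet between two gateways. The addresses, the key handling, the use of protocol number 253 and the SHA-256 counter-mode keystream (a standard-library stand-in for a real cipher such as AES-GCM) are all assumptions made for the demonstration.

```python
import hashlib, hmac, ipaddress, os, struct

TUNNEL_PROTO = 253  # IANA "experimentation and testing" number; assumption for this demo

def ipv4_checksum(header: bytes) -> int:
    """Ones'-complement sum over the 20-byte header (RFC 1071)."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal IPv4 packet: 20-byte header without options, then the payload."""
    head = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return head[:10] + struct.pack("!H", ipv4_checksum(head)) + head[12:] + payload

def parse_ipv4(packet: bytes):
    """Return (src, dst, proto, payload) for a packet produced by build_ipv4."""
    f = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    return (str(ipaddress.IPv4Address(f[8])), str(ipaddress.IPv4Address(f[9])),
            f[6], packet[20:f[2]])

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in cipher (SHA-256 in counter mode) so the demo needs no extra packages."""
    blocks = (hashlib.sha256(key + nonce + struct.pack("!Q", i)).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def xor(data: bytes, pad: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, pad))

def seal(enc_key: bytes, mac_key: bytes, inner: bytes) -> bytes:
    """Encrypt the whole inner packet, then authenticate nonce + ciphertext."""
    nonce = os.urandom(12)
    ct = xor(inner, keystream(enc_key, nonce, len(inner)))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def unseal(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Verify the tag first; only then decrypt."""
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: packet dropped")
    return xor(ct, keystream(enc_key, nonce, len(ct)))

def tunnel_send(keys, gw_src: str, gw_dst: str, inner_packet: bytes) -> bytes:
    """Passenger packet becomes the protected payload of a gateway-to-gateway packet."""
    return build_ipv4(gw_src, gw_dst, TUNNEL_PROTO, seal(*keys, inner_packet))

def tunnel_receive(keys, outer_packet: bytes) -> bytes:
    """Check the outer protocol number, then verify and decrypt the passenger."""
    _, _, proto, blob = parse_ipv4(outer_packet)
    if proto != TUNNEL_PROTO:
        raise ValueError("not a tunnel packet")
    return unseal(*keys, blob)

if __name__ == "__main__":
    keys = (os.urandom(32), os.urandom(32))          # shared by both gateways
    inner = build_ipv4("10.1.0.5", "10.2.0.9", 6, b"payroll export")  # constructed
    outer = tunnel_send(keys, "198.51.100.10", "203.0.113.20", inner)
    print("on the wire:", parse_ipv4(outer)[:3])     # only gateway addresses visible
    print("delivered  :", parse_ipv4(tunnel_receive(keys, outer)))
```

An observer on the public network sees only the two gateway addresses in the outer header; a packet modified in transit fails the tag check and is dropped instead of being delivered.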

VPNs are divided into three types based on their purpose:

  1. Intranet - used to unite several distributed branches of one organization into a single secure network, exchanging data via open communication channels.
  2. Extranet - used for networks to which external users (for example, customers or clients) connect. Because the level of trust in such users is lower than in company employees, special protection is required to prevent external users from accessing particularly valuable information.
  3. Remote access - created between central corporate offices and remote mobile users. With encryption software loaded onto a remote laptop, the remote user establishes an encrypted tunnel with a VPN device at central corporate offices.

There are many options for implementing a VPN. When choosing how to implement a VPN, you need to consider the performance factors of VPN systems. For example, if a router is running at the limit of its processor power, then adding additional VPN tunnels and applying encryption/decryption could bring the entire network to a halt as the router cannot handle normal traffic.

VPN implementation options:

  1. VPN based on firewalls. A firewall is a software or hardware-software element of a computer network that controls and filters network traffic passing through it in accordance with specified rules. Today, most firewall vendors support tunneling and data encryption. All such products are based on the fact that traffic passing through the firewall is encrypted.
  2. Router-based VPN. Since all information emanating from the local network first arrives at the router, it is advisable to assign encryption functions to it. Cisco routers, for example, support L2TP and IPSec encryption protocols. In addition to simple encryption, they also support other VPN features such as authentication at connection establishment and key exchange.
  3. VPN based on a network operating system. In Linux, technologies such as OpenVPN, OpenConnect or NetworkManager are usually used to connect a VPN. Creating a VPN in Windows uses the PPTP protocol, which is integrated into the Windows system.

___________________________

Every year electronic communications are improving, and increasingly high demands are placed on information exchange for speed, security and quality of data processing.

And here we will look at a VPN connection in detail: what it is, why a VPN tunnel is needed, and how to use a VPN connection.

This material is an introduction to a series of articles in which we will tell you how to create a VPN on various operating systems.

VPN connection: what is it?

So, a virtual private network (VPN) is a technology that provides a secure (closed from external access) connection of a logical network over a private or public one in the presence of high-speed Internet.

Such a network connection of computers (located at a considerable distance from each other) uses a “point-to-point” connection (in other words, “computer-to-computer”).

Scientifically, this connection method is called a VPN tunnel (or tunnel protocol). You can connect to such a tunnel if you have a computer with any operating system that has an integrated VPN client that can “forward” virtual ports using the TCP/IP protocol to another network.

Why do you need a VPN?

The main benefit of a VPN is that it gives the communicating parties a connectivity platform that not only scales quickly, but also (primarily) ensures data confidentiality, data integrity, and authentication.

The diagram clearly shows the use of VPN networks.

Rules for connections over a secure channel must first be written on the server and router.

How VPN works

When a connection occurs via VPN, the message header contains information about the IP address of the VPN server and the remote route.

Encapsulated data passing over a shared or public network cannot be read by anyone who intercepts it, because all information is encrypted.

Encryption is performed on the sender's side, and on the recipient's side the data is decrypted using the message header (provided there is a shared encryption key).

After the message is correctly decrypted, a VPN connection is established between the two networks, which also allows you to work on a public network (for example, exchange data with a client 93.88.190.5).

As for information security, the Internet is an extremely unsecured network, and a VPN network with the OpenVPN, L2TP/IPSec, PPTP, PPPoE protocols is a completely secure and safe way to transfer data.

Why do you need a VPN channel?

VPN tunneling is used:

  • Inside the corporate network;
  • To unite remote offices, as well as small branches;
  • For digital telephony services with a wide range of telecommunications services;
  • To access external IT resources;
  • For building and implementing video conferences.

Why do you need a VPN?

A VPN connection is required for:

  • Anonymous work on the Internet;
  • Downloading applications when the IP address is located in another regional zone of the country;
  • Safe work in a corporate environment using communications;
  • Simplicity and convenience of connection setup;
  • Ensuring high connection speed without interruptions;
  • Creating a secure channel without hacker attacks.

How to use VPN?

Examples of how VPN works can be given endlessly. So, on any computer in the corporate network, when you establish a secure VPN connection, you can use mail to check messages, publish materials from anywhere in the country, or download files from torrent networks.

What is a VPN on your phone?

Access via VPN on a phone (an iPhone or any Android device) allows you to maintain anonymity when using the Internet in public places, as well as prevent traffic interception and device hacking.

A VPN client installed on any OS allows you to bypass many of the provider’s settings and rules (if the provider has set any restrictions).

Which VPN to choose for your phone?

Mobile phones and smartphones running Android OS can use applications from Google Play:

  • vpnRoot, droidVPN
  • Tor Browser for network surfing, also known as Orbot
  • InBrowser, Orfox (Firefox + Tor)
  • SuperVPN Free VPN Client
  • OpenVPN Connect
  • TunnelBear VPN
  • Hideman VPN

Most of these programs are used for the convenience of “hot” system setup, placing launch shortcuts, anonymous Internet surfing, and selecting the type of connection encryption.

But the main tasks of using a VPN on a phone are checking corporate email, creating video conferences with several participants, and holding meetings outside the organization (for example, when an employee is on a business trip).

What is VPN on iPhone?

Let's look at which VPN to choose and how to connect it on an iPhone in more detail.

Depending on the type of network supported, when you first start the VPN configuration on your iPhone, you can select the following protocols: L2TP, PPTP and Cisco IPSec (in addition, you can “make” a VPN connection using third-party applications).

All of the listed protocols support encryption keys, user identification by password, and certification.

Additional features when setting up a VPN profile on an iPhone include: RSA security, encryption level, and authorization rules for connecting to the server.

For an iPhone, you should choose from the App Store:

  • TunnelBear, a free application with which you can connect to VPN servers in any country.
  • OpenVPN Connect, one of the best VPN clients. To launch the application, you must first import RSA keys into your phone via iTunes.
  • Cloak, a shareware application: the product can be used for free for some time, but to keep using the program after the demo period has expired, you will have to buy it.

VPN creation: selection and configuration of equipment

For corporate communications in large organizations, or for connecting offices that are remote from each other, hardware equipment is used that can support continuous, secure work on the network.

To implement VPN technologies, the role of a network gateway can be played by: Unix servers, Windows servers, a network router, or a network gateway on which VPN is installed.

A server or device used to create a VPN enterprise network or a VPN channel between remote offices must perform complex technical tasks and provide a full range of services to users both on workstations and on mobile devices.

Any router or VPN router must provide reliable operation on the network without freezes. And the built-in VPN function allows you to change the network configuration for working at home, in an organization or a remote office.

Setting up VPN on the router

In general, setting up a VPN on a router is done using the router’s web interface. On “classic” devices, to organize a VPN, you need to go to the “settings” or “network settings” section, where you select the VPN section, specify the protocol type, enter the settings for your subnet address, mask and specify the range of IP addresses for users.

In addition, to secure the connection, you will need to specify encoding algorithms, authentication methods, generate negotiation keys, and specify the WINS DNS servers. In the “Gateway” parameters you need to specify the gateway IP address (your own IP) and fill in the data on all network adapters.

If there are several routers in the network, you need to fill out the VPN routing table for all devices in the VPN tunnel.

Here is a list of hardware equipment used to build VPN networks:

  • D-Link routers: DIR-320, DIR-620, DSR-1000 with new firmware, or the D-Link DI808HV router
  • Cisco routers: PIX 501, Cisco 871-SEC-K9
  • Linksys RV082 router with support for about 50 VPN tunnels
  • Netgear DG834G router and router models FVS318G, FVS318N, FVS336G, SRX5308
  • Mikrotik router with OpenVPN function, for example the RouterBoard RB/2011L-IN Mikrotik
  • VPN equipment RVPN S-Terra or VPN Gate
  • ASUS router models RT-N66U, RT-N16 and RT-N10
  • ZyXel routers ZyWALL 5, ZyWALL P1, ZyWALL USG

In the 21st century, information technologies occupy an integral place in the life of almost any person. Even an 80-year-old grandmother from a village who does not know how to turn on a computer is indirectly connected with them. Databases, bank accounts, messenger accounts - all this requires a high level of security. The Internet, which has grown to a global scale, like any other mechanism, becomes more vulnerable as its design becomes more complex. To protect confidential information, VPN technology was invented.

A VPN (Virtual Private Network) connection is a technology that allows you to artificially form a local network of Internet participants who are not physically connected by a direct connection. It is an add-on to the global network that provides communication between nodes that appears direct from the client side.


How a VPN connection works

A VPN virtual network works on the principle of establishing a fixed connection. Communication can be established directly, between two nodes of the same level (on a network-to-network or client-client basis), or (more commonly) between a network and a client. One of the elements (the connection initiating server) must have a static (permanent) IP address at which other network nodes will find it. An access point is created on the server in the form of a gateway with Internet access. Other network participants join it, the connection is made in the form of an isolated tunnel.

For all switching nodes through which data packets pass, the information is encrypted. It is transmitted in the form of an unintelligible stream, the interception of which will give hackers nothing. Encryption and decryption keys for many protocols (for example, OpenVPN) are stored only on end devices, and without them attackers cannot do anything with the intercepted data. For maximum security, an archive with certificates and keys (without which it will not be possible to set up a secure VPN) can be sent in encrypted form, or handed over manually on a flash drive. In this case, the likelihood of unauthorized access to network computers is reduced to zero.

Why do you need a VPN?

Direct communication

On the Internet, the physical distance between participants and the complexity of the route along which they exchange data do not matter. Thanks to IP addressing and DNS nodes, you can access another computer on the World Wide Web from anywhere in the world. The level of security of the connection is much more important, especially when exchanging confidential information. The more switching points (routers, gateways, bridges, nodes) data passes through, the higher the likelihood of it being intercepted by attackers. Knowing the physical parameters of a PC or server (for example, its IP address), hackers can use vulnerable connection methods to penetrate it by breaking password protection. It is precisely from such attacks that the VPN protocol is designed to protect.

Unblocking access to resources

The second function of VPN networks is to open access to blocked resources. If there is Internet censorship in one form or another on the territory of a country (as in China), its citizens may be limited in access to certain resources. Accessing the network through foreign VPN servers allows you to avoid the threat of reprisals to representatives of opposition forces in totalitarian countries. State authorities that interfere with freedom of speech (as in China or the DPRK) will not be able to bring charges of viewing “ideologically harmful” resources, even if providers provide them with a backup of all intercepted data.

Some online services may block access to clients from countries and regions where they are not officially present. This is sometimes done by online games, international payment systems, trading platforms, online stores, online distribution systems for digital content (music, films, games). A VPN server based in a country where access is open removes such restrictions and allows you to make purchases.

Protection against hacking of private resources

Another reason why private clients need a VPN connection is remote administration. If you want to protect your server as much as possible from outside interference, you can create a “white list” of IP addresses that have access to it. When one of these addresses belongs to a private VPN server, you can safely connect to the administered server from anywhere in the world using encrypted communication. The administered server will consider that the connection came from an authorized terminal, and the administrator will not have to worry about the risk of hacking.
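One way to check that such a white list is actually holding, as an added example that is not part of the original article: it audits login records for sessions accepted from addresses outside the list. It assumes administration happens over SSH with OpenSSH-style log lines; the allowlisted networks and the sample log are constructed.

```python
import ipaddress
import re

# Assumed allowlist (constructed documentation addresses): an office range and
# the single egress address of the private VPN server.
ALLOWLIST = [ipaddress.ip_network(n) for n in ("192.0.2.0/28", "203.0.113.20/32")]

# OpenSSH-style "Accepted" line; assumption: the server is administered over SSH.
ACCEPTED = re.compile(r"Accepted (\S+) for (\S+) from (\S+) port \d+")

def normalise(addr: str):
    """Parse an address; unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) to plain IPv4."""
    ip = ipaddress.ip_address(addr)
    return getattr(ip, "ipv4_mapped", None) or ip

def is_allowed(addr: str) -> bool:
    """True only if the source address falls inside an allowlisted network."""
    try:
        ip = normalise(addr)
    except ValueError:
        return False  # unparseable source: treat as not allowed
    return any(ip.version == net.version and ip in net for net in ALLOWLIST)

def audit(log_lines):
    """Return (user, method, source) for each accepted login from outside the allowlist."""
    findings = []
    for line in log_lines:
        match = ACCEPTED.search(line)
        if match and not is_allowed(match.group(3)):
            findings.append((match.group(2), match.group(1), match.group(3)))
    return findings

# Constructed sample log, not taken from a real system.
SAMPLE_LOG = [
    "Mar  3 09:14:02 srv sshd[811]: Accepted publickey for admin from 203.0.113.20 port 50122 ssh2",
    "Mar  3 09:20:45 srv sshd[830]: Failed password for root from 198.51.100.77 port 41000 ssh2",
    "Mar  3 11:02:10 srv sshd[902]: Accepted password for admin from 198.51.100.77 port 41012 ssh2",
    "Mar  3 11:30:00 srv sshd[915]: Accepted publickey for deploy from ::ffff:192.0.2.5 port 60001 ssh2",
]

if __name__ == "__main__":
    for user, method, source in audit(SAMPLE_LOG):
        print(f"login outside allowlist: user={user} method={method} source={source}")
```

Any finding means the white list is not being enforced where the log was written, for example because a firewall rule is missing or the service listens on an interface the rule does not cover.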

Protection of trade secrets

VPN protocols are in demand in commercial structures that work with money and economic secrets. The virtual secure network prevents hackers from hacking accounts or finding out industrial secrets and technologies. Employees who, due to their duties, need to gain access to the company’s network resources from home or on a business trip, can organize a connection via VPN without exposing the corporate network to the threat of hacking.